jwt

package

v1.5.4 Latest Latest Go to latest Published: Mar 2, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/go-lynx/lynx

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func Check(token string, c CustomClaims, key ecdsa.PublicKey) (bool, error)
func CheckSecure(token string, c CustomClaims, key ecdsa.PublicKey, expectedAlg string) (bool, error)
func CheckWithKeyFunc(token string, c CustomClaims, expectedAlg string, keyFunc jwt.Keyfunc) (bool, error)
func Sign(c CustomClaims, alg string, key *ecdsa.PrivateKey) (string, error)
func SignJWT(c CustomClaims, alg string, key *ecdsa.PrivateKey) (string, error)
func SignWithOptions(c CustomClaims, alg string, key *ecdsa.PrivateKey, opts *SignOptions) (string, error)
func Verify(token string, c CustomClaims, key ecdsa.PublicKey) (bool, error)
func VerifyWithAlg(token string, c CustomClaims, key ecdsa.PublicKey, expectedAlg string) (bool, error)
func VerifyWithKeyFunc(token string, c CustomClaims, expectedAlg string, keyFunc jwt.Keyfunc) (bool, error)
func VerifyWithOptions(token string, c CustomClaims, opts VerifyOptions) (bool, error)
type CustomClaims
type Decorator
type SignOptions
type VerifyOptions

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrUnexpectedSigningMethod is returned when the token signing method doesn't match expectation
	ErrUnexpectedSigningMethod = errors.New("unexpected signing method")
)

============================================================ Errors and Decorators ============================================================

Functions ¶

func Check ¶

func Check(token string, c CustomClaims, key ecdsa.PublicKey) (bool, error)

============================================================ Verification (Legacy APIs) ============================================================ Check validates a JWT token. Deprecated: use Verify or VerifyWithAlg for clearer naming and safer defaults.

func CheckSecure ¶

func CheckSecure(token string, c CustomClaims, key ecdsa.PublicKey, expectedAlg string) (bool, error)

CheckSecure provides stricter JWT validation: 1) Enforces signing algorithm to match expectedAlg (prevents downgrade/misconfiguration). 2) Applies claims.Decoration() for post-processing. Note: expectedAlg like "ES256". If empty, algorithm enforcement is skipped. Deprecated: use VerifyWithAlg instead.

func CheckWithKeyFunc ¶

func CheckWithKeyFunc(token string, c CustomClaims, expectedAlg string, keyFunc jwt.Keyfunc) (bool, error)

CheckWithKeyFunc provides strict validation with a custom KeyFunc: allows selecting public keys dynamically (e.g., via header kid) and enforcing expectedAlg. Deprecated: use VerifyWithKeyFunc instead.

func Sign ¶

func Sign(c CustomClaims, alg string, key *ecdsa.PrivateKey) (string, error)

============================================================ Signing ============================================================ Sign generates a JWT token

func SignJWT ¶

func SignJWT(c CustomClaims, alg string, key *ecdsa.PrivateKey) (string, error)

SignJWT is a semantic alias for Sign

func SignWithOptions ¶

func SignWithOptions(c CustomClaims, alg string, key *ecdsa.PrivateKey, opts *SignOptions) (string, error)

SignWithOptions supports setting header fields such as kid

func Verify ¶

func Verify(token string, c CustomClaims, key ecdsa.PublicKey) (bool, error)

============================================================ Verification (Preferred APIs) ============================================================ Verify validates a token without enforcing algorithm consistency (same behavior as Check)

func VerifyWithAlg ¶

func VerifyWithAlg(token string, c CustomClaims, key ecdsa.PublicKey, expectedAlg string) (bool, error)

VerifyWithAlg validates a token and enforces the signing algorithm to match expectedAlg (recommended in production)

func VerifyWithKeyFunc ¶

func VerifyWithKeyFunc(token string, c CustomClaims, expectedAlg string, keyFunc jwt.Keyfunc) (bool, error)

VerifyWithKeyFunc validates a token using a custom keyfunc

func VerifyWithOptions ¶

func VerifyWithOptions(token string, c CustomClaims, opts VerifyOptions) (bool, error)

VerifyWithOptions validates using jwt/v5 parser options

Types ¶

type CustomClaims ¶

type CustomClaims interface {
	Init() error
	Valid() error
	Decoration() error
	jwt.Claims
}

type Decorator ¶

type Decorator interface {
	Decorate() error
}

Decorator is optional: if implemented, Decorate() is preferred; otherwise fall back to CustomClaims.Decoration()

type SignOptions ¶

type SignOptions struct {
	// Optional: set JWT header "kid" for key rotation
	Kid string
}

SignOptions Options for signing

type VerifyOptions ¶

type VerifyOptions struct {
	ExpectedAlg string
	ExpectedIss string
	ExpectedAud string
	Leeway      time.Duration
	KeyFunc     jwt.Keyfunc
	PublicKey   *ecdsa.PublicKey
}

VerifyOptions provides configurable verification options

Source Files ¶

View all Source files

jwt.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL